Authentication Problem disabling Event Handlers

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
iam33
Posts: 58
Joined: Mon Mar 18, 2013 5:30 am

Authentication Problem disabling Event Handlers

Post by iam33 »

Thanks in advance!
When I try to disable Event Handlers, accessing by "Tactical Overview" -> "Event Handlers" -> Event Handlers check icon -> Commit Button. An error occurs with th text:
Sorry, but you are not authorized to commit the specified command.
Read the section of the documentation that deals with authentication and authorization in the CGIs for more information.
Return from whence you came


This is my current config:

ls -ltra / opt / nagios / var / rw
srw-rw ---- 1 nagios nagcmd 0 Jan 11 18:12 nagios.qh
drwxrwsrwx 2 nagios nagcmd 4096 Jan 11 18:12.
prw-rw ---- 1 nagios nagcmd 0 Jan 15 08:45 nagios.cmd
drwxrwxrwx 5 nagios nagios 4096 Jan 15 09:49 ..

/ etc / group
nagios: x: 503: apache
nagcmd: x: 504: nagios, apache


I have Access to Nagios Web Admin by LDAP Authentification. In my /opt/apache/conf/extra/httpd-nagios.conf have:

ScriptAlias ​​/ nagios / cgi-bin / opt / nagios / sbin
<Directory "/ opt / nagios / sbin">
Options ExecCGI
AllowOverride None
Order allow, deny
Allow from all
AuthBasicProvider ldap
AuthType Basic
AuthName "Restricted access"
AuthLDAPBindDN "CN = X, OU = X, OU = X, OU = X, DC = X, DC = X"
AuthLDAPBindPassword XXXX
AuthLDAPURL "ldap: // XXXXX"
AuthLDAPGroupAttributeIsDN on
require ldap-group CN = X, OU = X, OU = X, OU = \ <X \>, DC = X, DC = X
AuthzLDAPAuthoritative on
</ Directory>

Alias ​​/ nagios / opt / nagios / share

<Directory "/ opt / nagios / share">
Options None
AllowOverride None
Order allow, deny
Allow from all
AuthBasicProvider ldap
AuthType Basic
AuthName "Restricted access"
AuthLDAPBindDN "CN = X, OU = X, OU = X, OU = X, DC = X, DC = X"
AuthLDAPBindPassword XXXX
AuthLDAPURL "ldap: // XXXXX"
AuthLDAPGroupAttributeIsDN on
require ldap-group CN = X, OU = X, OU = X, OU = \ <X \>, DC = X, DC = X
AuthzLDAPAuthoritative on
</ Directory>


Where is my problem? I can't find the root of the problem ..
Could you help me?
thank you so much!
Last edited by iam33 on Wed Jan 17, 2018 2:49 am, edited 1 time in total.
iam33
Posts: 58
Joined: Mon Mar 18, 2013 5:30 am

Re: Authentication Problem disabling Event Handlers

Post by iam33 »

I have found the problema is in cgi.cfg, in this file it´s necesary put all user that need cgi admin priviledges in there. But my problema comes with my LDAP configuration, how could I put the ldap group in this config like in httpd?
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: Authentication Problem disabling Event Handlers

Post by tgriep »

You cannot use a LDAP group in the cgi.cfg file so you would have to add each username to those options so the users will get the authorizations they need or you can put an "*" asterisk for the username so when any user logs in to the server, they will get the permissions granted to them.

In this examples ldapuser1 and ldapuser2 are the only two users with administrator right, all other user can login Nagios as normal user.

Code: Select all

authorized_for_configuration_information=ldapuser1,ldapuser2
authorized_for_system_commands=ldapuser1,ldapuser2
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=*
authorized_for_all_host_commands=*
Be sure to check out our Knowledgebase for helpful articles and solutions!
iam33
Posts: 58
Joined: Mon Mar 18, 2013 5:30 am

Re: Authentication Problem disabling Event Handlers

Post by iam33 »

Hi, thanks!

I suppoused that about the ldap groups....it would be so good thar it would facility the manage task....

NOTE: For Enable /Disable event handlers, notifications or active/pasive checks from cgis, it´s only necesary include de users in this parameters of cgi.cfg:
authorized_for_system_commands
authorized_for_all_service_commands
authorized_for_all_host_commands
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: Authentication Problem disabling Event Handlers

Post by tgriep »

Your welcome, let us know if you have any further questions of that is it OK to lock the post.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Locked